Spam Wars: Filters Strike Back
Until now, antispam developers and their products have played defense only. But now, one activist wants spam filters to automatically launch attacks against suspected spammers’ sites to shut them down.
Fearing that spammers are increasingly finding ways to slip
their unwanted messages past the current generation of filtering technologies,
activists are taking a second look at a proposal to use denial-of-service
attacks in the fight against spam.
Such attacks, which are illegal and can disrupt a company’s
communications network by burying its servers in unnecessary requests, have
traditionally been associated with pranksters who use viruses to distribute
their attack software on thousands of computers.
Under the proposal, which was initially published in August by antispam activist Paul
Graham, the attacks would be launched automatically by the next generation of
spam filters. The attacks would be initiated whenever the filters received a new
piece of spam containing a Web link.
If enough people used filters with the feature, the resulting
amount of traffic to the spammers’ links could dramatically raise the spammers’
bandwidth costs or even shut down their websites.
“Technically, it’s beautifully balanced,” said Graham, whose
2002 proposal on using Bayesian algorithms to fight spam led to the rise of
the current generation of filters. “It’s a way to raise spammers’ bandwidth
costs in exact proportion to the amount of spam that they send out.”
Graham’s latest proposal is not without its critics, however,
who say that a sudden burst of requests coming from thousands or maybe even
millions of spam filters around the world could drain Internet resources.
Graham readily dismisses the argument. “That’s identical to
saying that you shouldn’t have police chase down criminals because it uses up
resources,” he said. “Yeah, there’s an increase in bandwidth initially, but the
net effect is worth it.”
He adds that developers of antispam products should allow
users to limit the number of times that their filters try to access a particular
link during an attack, or even to disable the feature completely if they choose.
But even when presented with this solution, opponents say
Graham’s plan has other problems that render it unsuitable — the most important
of which is its potential to harm legitimate companies.
According to Francois Lavaste, vice president of marketing
for
Brightmail, an antispam software firm, some spammers set up their Web pages
on free Web-hosting services. “Launching any type of DoS attack on those pages
could actually damage the entire service,” said Lavaste.
Additionally, spammers and pranksters could abuse the system
by sending out junk mail containing links to innocent websites that they simply
don’t like. If enough filters flagged the mail as spam, they could inadvertently
launch an attack against those sites.
As a precaution against such abuses, Graham notes in his
proposal that filter developers should require their products to check all links
against a blacklist of domain names belonging to known spammers before launching
an attack. But some developers have been burned by blacklists in the past and
note that the lists themselves can be abused.
“At Matterform, we’ve been victimized more than once by
falsified spams that supposedly advertise our URL in an attempt to annoy us,”
said
Matterform Media President Michael Herrick, whose company develops the
Spamfire filter.
“The antispam vigilantes caused us all kinds of problems by
blacklisting us without any human investigation,” added Herrick. “The vigilantes
told us we should be angry with the spammers, not them. Somehow, it didn’t work
that way.”
Herrick says he’s not completely against Graham’s idea,
though. Indeed, Matterform’s Spamfire already features a “Bug the WegBugs”
option designed to confuse spammers.
Whenever a Spamfire user selects the option, the program
searches through messages for “Web bugs” — images used for tracking purposes –
and then repeatedly sends back false tracking data to the spammer’s server.
The tactic is not going to shut down the spamming industry
overnight, admits Herrick. However, he does believe that antispammers can make a
significant dent.
“It’s a cat-and-mouse game with spammers,” he said. “They
mutate, we adapt. We fight back, they parry. But (this tactic) can be another
hoop the spammers have to jump through. The more hoops, the more likely they are
to fall down.”
